Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Back To Schedule
Wednesday, June 5 • 11:05 - 11:20
Exploring Emotet, an Elaborate Everyday Enigma

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The Emotet Trojan is the most widespread malware family in the wild. It has been, and is still, the most notorious and costly malware since its appearance more than five years ago. Emotet owes its reputation to its constant state of evolution and change. The malware's rapid advancement helps support its highly sophisticated operation. In this presentation, I'll walk attendees through my investigation of the Emotet family and reverse engineering of its components.

In this talk, I'll discuss the capabilities and features of Emotet: a detailed overview of its multilayered operation, starting with the spam lure, the malicious attachments (and their evolution); and the malware executable itself, from its highly sophisticated packer, to its C&C communications.

Emotet is well-known for its modular architecture, worm-like propagation, and highly skilled persistence techniques. The recent versions spread rapidly using multiple methods. Besides its capability to spread by brute forcing using its own password lists, it can harvest all the emails from victims, then spread through spam. Its diverse module list hides different malicious intentions, such as information stealing including credentials from browser or email client, spreading capabilities, or delivering other malware as well as ransomware or other banking Trojans.

Finally, I will dissect the background operation of the payload modules. I’ll also present statistics from Sophos about its global reach.


Wednesday June 5, 2019 11:05 - 11:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD